Trying to get in touch regarding a security issue

Open • JamieSlome opened this issue 4 years ago • 1 comment

Hi there,

I couldn't find a SECURITY.md in your repository and am not sure how to best contact you privately to disclose a security issue.

Can you add a SECURITY.md file with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.

Once you've done that, you should receive an e-mail within the next hour with more info.

Thanks! (cc @huntr-helper)

JamieSlome, Jul 12 '21 07:07

Hi @JamieSlome thanks for opening the issue. I've created a rough doc https://github.com/codetriage/CodeTriage/blob/main/SECURITY.md. Feedback welcome if there's something you'd like to see there. Unfortunately, I don't have CodeTriage on any bounty programs as this is all freetime-ware. I am happy to give thanks and credit via Twitter to reporters.

schneems, Jul 12 '21 19:07